You must remove Hyper-V functionality service from your system or disable device guard and credential guard if you want to start virtual machines of VMware Workstation. VMware Workstation can be run after disabling Device/Credential Guard. VMware Workstation and Device/Credential Guard are not compatible. Review the information and click Finish. The additional instructions provided by VMware include going to "Turn Windows Features on and Off". VMware Workstation VMware Workstation 15.5 Now Supports Host Hyper-V Mode. To use other virtualization software, you must disable Hyper-V Hypervisor, Device Guard, and Credential Guard. Virtual Secure Mode (VSM) is a feature to leverage processor virtualization extensions that secures data in an isolated region of memory. Microsoft virtualization-based security, also known as "VBS", is a feature of the Windows 10 and Windows Server 2016 operating systems. Configure VBS in a new Windows VM 1. Credential Guard does not provide additional protection from privileged system attacks originating from the host. Device Guard/Credential Guard are not compatible with VMware Workstation because Hyper-V is leveraged for hardening the system. Select Disabled. Enable Windows Defender Credential Guard: Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security. Click on Save to commit the changes. Under System Summary on the Right-hand page, scroll down to Virtualization-based Security and ensure the Value is set to Not enabled. Credential guard is enabled by configuring VSM (steps above) and configuring the Virtualization Based Security Group Policy setting with Credential Guard configured to be enabled. Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. Credential Guard: Aims to isolate and harden key system and user secrets against compromise. VMware Workstation can be run after disabling Device/Credential Guard. If you don't use Hyper-V at all, VMware Workstation is smart enough to detect this and the VMM will be used. Windows Defender Credential Guard is a security feature in Windows 10 Enterprise and Windows Server 2016 and above that uses virtualization-based security to protect your credentials. Configurable Code Integrity: Ensures that only trusted code runs from the boot loader onwards. The Windows Defender Credential Guard was introduced in Windows 10 Enterprise and Windows Server 2016, and Windows Server 2019. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. I had the same problem to run virtual mac. Please Visit http://www.vmware.com/go/turnoff CG DG for more details. To disable Device Guard or Credential Guard the first step is the following: Disable the group policy setting that was used to enable Credential Guard. Vmware will run after disabling the device/credential By Windows Powershell tools to Enable/Disable Hyper-V Download Windows Powershell tools dgreadiness_v3.6 is a tool that Microsoft published to enabled/disable Device Guard/Credential Guard -- https://www.microsoft.com/en-us/download/details.aspx?id=53337 Execute dgreadiness_v3.6 scripts with proper parameter by administrator user .the VSM instance is segregated from the normal operating system functions and is protected by attempts to read information in that mode. Method 1: Disabling Hyper-V According to various user reports, one of the most common causes that will trigger the " VMware and DeviceCredential Guard are not Compatible " error is a conflict between Hyper-V (Microsoft's proprietary virtualization technology) and VMware. GPO 2. Select the Enable Windows Virtualization Based Security check box. Select the Windows VM and click on edit settings. You no longer have to choose between running VMware Workstation and Windows features like WSL, Device Guard and Credential Guard. In Windows 10 Windows Defender Credential Guard is a security feature that uses virtualization-based security to protect your credentials, by default, this credential guard is enabled in windows 10, with credential guard enabled, only trusted, privileged applications are processed are allowed to access user secrets or credentials. Please visit http://www.vmware.com/go/turnoff_CG_DG for more details. VMware Workstation can be run after disabling Device/Credential Guard. Open msinfo32/system information on Windows 10 2. Credential Guard is a virtualization-based isolation technology for Local Security Authority Subsystem Service that can prevent attackers from stealing credentials. Select the latest compatibility mode to get the latest VM Hardware version. The Local group Policy Editor opens. Win10home does not include Hyper-v support. How to disable Hyper-V. You can disable Hyper-V Hypervisor either in Control Panel or by using Windows PowerShell. Ready to complete. Credential Guard fully depends on Virtual Secure Mode. DGReadiness Tool To disable the Device/Credential Guard via local group policy or AD Group Policy (if the client is domain joined): Click Start > "Run" or press Win Key + R and type" gpedit.msc " to open the local group policy editor. Device Guard and Credential Guard are the new security features that are only available on Windows 10 Enterprise today. Credential Guard is a feature to minimize the impact of attacks if malicious code is already running by isolating system and user secrets to make more difficult to compromising. Create a new Windows VM (Windows 10, Windows 2016 or higher). Data stored by the isolated LSA process is protected using Virtualization-based security and isn't accessible to the rest of the operating system. If Hyper-V is truly disabled (not just management tools removed), then it might be something else blocking it. 2. The very problem of understanding and satisfying the requirements of Credential Guard (be it on a physical or virtual machine) is actually the problem of understanding and satisfying the requirements of running Virtual Secure Mode. If you dont have the \Scenarios key in the \DeviceGuard key you create it by right clicking on the \DeviceGuard, new key, then name it Scenarios "VMware Workstation and Device/Credential Guard are not compatible" error in VMware Workstation on Windows 10 host (2146361) ThinkPad support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard in Microsoft Windows Windows devices with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1 Hello I am facing the problem that Vmware workstation Device/Credential guard are not compatible. Device Guard: Provides a set of features designed to work together to prevent and eliminate malware from running on a Windows system. LSA uses . They are NOT compatible. bcdedit /set hypervisorlaunchtype offshutdown /r /t 0VMware Player and Device/Credential Guard are not compatible. When doing so, neither Device Guard or Credential Guard are configured. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. In 2013 I did a post about using VMware Workstation and Hyper-V together on Windows 8, link. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. Add a new DWORD value named LsaCfgFlags. Way 3. 3. Please Visit http://www.vmware.com/go/turnoff CG DG for more details is error happen w. VMware Workstation 10 . Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it. Share Improve this answer answered Jul 1, 2019 at 6:46 shahram momeni 1 3 Add a comment 0 Customize the hardware, for example, by changing disk size or CPU. i did this two step. Configuring them as Disabled does not solve the problem. From CMD as administrator type: bcdedit /set hypervisorlaunchtype off This command will disable Windows 10 de. 1. Zongmin. Credential Guard/Device Guard Windows Sandbox Virtual machine platform WSL2 Hyper-V Verify Virtualization-based Security (VBS) is Enabled/Not Enabled: 1. Customize hardware. May 28, 2020. Click on the VM Options tab. How to Enable or Disable Credential Guard in Windows 10 Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Device/Credential Guard is disabled using: 1. Cookie Settings . Hence, it can provide a kind of protection for your data. Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. Disable Hyper-V . On the host operating system, click Start > Run, type gpedit.msc, and click Ok. When all steps are finished, reboot your computer and check whether the error that VMware workstation and device/credential guard are not compatible is fixed. Modify the BCD File To fix the issue that VMware workstation and device/credential guard are not compatible, you can choose to modify the BCD file. On the host operating system, click S tart > Run, type gpedit.msc, and click Ok. AMD CPU: Select either Windows 10 (64-bit) or Windows Server 2019 (64-bit). 1_ turned off windows features "Hyper-v" and "virtual machine platform" and "windows hypervisor platform" and restarted windows. The instructions provided by the VMware warning link, detail running the group policy editor and locating Device Guard. With Credential Guard enabled, only trusted, privileged applications and processes are allowed to access user secrets, or credentials. Below is a tested solution (with Windows 10 1803 and VMware Workstation Pro 14). First you need to Disable Group Policy. for that search for "Run" and type "gpedit.msc" in that Goto Local Computer Policy - Computer Configuration - Administrative Templates - System - Device. Disable Hyper-V in Control Panel VMware Workstation and Device/Credential Guard Error FixHow to disable Device Guard and Credential GuardFOLLOW ME AT: Twitter: https://twitter.com/GhostVaper. Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported. It uses hardware and software virtualization to enhance Windows system security by creating an isolated, hypervisor-restricted, specialized subsystem. Enable the Virtualized Based Security option. So, if you're faced with this VMware Workstation and Device/Credential Guard not compatible issue on Windows 11/10, you can try the 2-step solution below to resolve the issue. It's often called Device Guard and/or Credential Guard. Please check below link: VMware Knowledge Base The Local group Policy Editor opens. It's supported on Windows Server 2016 and 2019, as well as Windows 10, and fully supported on vSphere 6.7 and newer. When Credential Guard is deployed on a VM, secrets are protected from attacks inside the VM. VMware Player can be run after disabling D. Credential Guard. I had to disable the Device/Credential Guard in my local group policy and I opened a "run" prompt by pressing Win Key + R and typed " gpedit.msc " to open the local group policy editor. 2_ installed last version Mac OS X Unlocker for VMware. Now, here is the tutorial. When Hyper-V is enabled, ULM mode will automatically be used so you can run VMware Workstation normally. Virtualization-Based Security (VBS) is a Microsoft technology that creates a separate memory space for credentials and secrets inside Windows. If you want to disable Hyper-V Hypervisor, follow the steps in next two sections. Device/Credential Guard is a Hyper-V based Virtual Machine/Virtual Secure Mode that hosts a secure kernel to make Windows 10 much more secure. Once this is done, you can easily check if Credential Guard (or many of the other features from this article) is enabled by launching MSINFO32.EXE and viewing the .